Skip to main content
Security

Multi-Signature Wallet Drained by Sophisticated Phishing Attack

A deceptive phishing attack leveraged fake Etherscan verification and Safe Multi Send to bypass multi-signature wallet security, resulting in significant asset loss.
September 16, 20253 min

A transparent blue, possibly resin, housing reveals internal metallic components, including a precision-machined connector and a fine metallic pin extending into the material. This sophisticated assembly suggests a specialized hardware device designed for high-security operations
The image displays a futuristic abstract scene with a prominent, angular metallic structure surrounded by dense blue smoke. A textured white sphere is positioned near the structure, while a smaller, faceted blue sphere floats in the upper right

Briefing

A sophisticated phishing campaign successfully compromised a 2-of-4 Safe multi-signature wallet, leading to the unauthorized transfer of $3.047 million in USDC. The attacker leveraged a meticulously crafted, fake Etherscan-verified contract to obscure malicious approval requests within seemingly legitimate Safe Multi Send transactions. This incident underscores a critical evolution in social engineering tactics, targeting the inherent trust in verified contract interfaces and multi-signature operational flows. The immediate consequence involved the swift exfiltration of funds, which were subsequently converted to Ethereum and routed through a privacy protocol, complicating recovery efforts.

A close-up view presents a high-tech mechanical assembly, featuring a central metallic rod extending from a complex circular structure. This structure comprises a textured grey ring, reflective metallic segments, and translucent outer casing elements, all rendered in cool blue-grey tones

Context

Prior to this incident, the digital asset landscape observed a persistent threat from phishing, often targeting individual users through direct wallet connection requests or malicious links. This attack represents an escalation, moving beyond basic impersonation to exploit the perceived legitimacy of Etherscan verification and the complexity of multi-signature transaction bundling. The prevailing attack surface included user vigilance against transaction details and the implicit trust placed in established on-chain verification mechanisms.

A metallic, cubic device with transparent blue accents and a white spherical component is partially submerged in a reflective, rippled liquid, while a vibrant blue, textured, frosty substance envelops one side. The object appears to be a sophisticated hardware wallet, designed for ultimate digital asset custody through advanced cold storage mechanisms

Analysis

The attack vector involved a multi-stage social engineering exploit targeting the victim’s multi-signature wallet and interaction with the Request Finance app. The attacker deployed a counterfeit, Etherscan-verified contract nearly two weeks in advance, pre-programming it with multiple “batch payment” functions to appear legitimate. On the day of the exploit, a malicious approval was executed through the Request Finance app interface.

This approval was artfully disguised within the Safe Multi Send mechanism, allowing the attacker to bypass standard scrutiny by mimicking the first and last characters of a legitimate recipient address. This chain of events enabled the attacker to gain unauthorized access to and drain the victim’s USDC holdings.

A close-up reveals a sophisticated, metallic device featuring a translucent blue screen displaying intricate digital patterns and alphanumeric characters. A prominent silver frame with a central button accents the front, suggesting an interactive interface for user input and transaction confirmation

Parameters

  • Targeted Protocol/Wallet ∞ 2-of-4 Safe multi-signature wallet
  • Vulnerability Type ∞ Sophisticated phishing via fake Etherscan-verified contract and Safe Multi Send exploit
  • Financial Impact ∞ $3.047 Million USDC
  • Blockchain(s) AffectedEthereum
  • Attack Date ∞ September 11, 2025
  • Funds Destination ∞ Ethereum, then Tornado Cash
  • Leveraged Interface ∞ Request Finance app

A close-up shot displays a highly detailed, silver-toned mechanical device nestled within a textured, deep blue material. The device features multiple intricate components, including a circular sensor and various ports, suggesting advanced functionality

Outlook

Immediate mitigation for users involves heightened scrutiny of all transaction approval requests, particularly those involving batch operations or interactions with third-party interfaces. Protocols must enhance their front-end security to detect and flag interactions with known malicious or mimicked contract addresses. This incident will likely establish new best practices for contract verification processes and necessitate more robust client-side transaction simulation tools to expose hidden malicious payloads. The contagion risk extends to any protocol or user relying on similar multi-send mechanisms without rigorous transaction content validation.

A highly detailed, three-dimensional object shaped like an 'X' or plus sign, constructed from an array of reflective blue and dark metallic rectangular segments, floats against a soft, light grey background. White, textured snow or frost partially covers the object's surfaces, creating a striking contrast with its intricate, crystalline structure

Verdict

This incident serves as a critical warning, emphasizing the escalating sophistication of social engineering attacks that exploit trust in verified on-chain identities and complex transaction structures.

Signal Acquired from ∞ cryptoslate.com

Glossary

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

social engineering

Definition ∞ Social engineering is a non-technical method of influencing people to give up confidential information or perform actions that benefit the attacker.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

ethereum

Definition ∞ Ethereum is a decentralized, open-source blockchain system that facilitates the creation and execution of smart contracts and decentralized applications (dApps).

funds

Definition ∞ Funds, in the context of digital assets, refer to pools of capital pooled together for investment in cryptocurrencies, tokens, or other digital ventures.

transaction approval

Definition ∞ Transaction approval signifies the explicit consent given by a user or authorized party to proceed with a proposed transaction, particularly in digital asset contexts.

on-chain

Definition ∞ On-chain refers to any transaction or data that is recorded and validated directly on a blockchain ledger, making it publicly verifiable and immutable.

Tags:

Tags: